<?php
require_once 'includes/config.php';
require_once 'includes/functions.php';

$sqlSelUser="SELECT * FROM tbl_users where status!=5 and username='".$_POST['username']."' and password='".$_POST['password']."'";
$rstSelUser=mysql_query($sqlSelUser) or die(mysql_query());
$numSelUser=mysql_num_rows($rstSelUser);			

if($numSelUser>0) {						
    $rowSelUser=mysql_fetch_array($rstSelUser);
    $userId=$rowSelUser['user_id'];
    $userType=$rowSelUser['user_type'];
    $sellingStatus=$rowSelUser['selling_status'];
    $userStatus=$rowSelUser['status'];
    $userEmail=$rowSelUser['email'];
    if($userStatus==3)
        $err="Your account is on hold, please contact us for more information";
    
    if($userStatus==4)
        $err="Your Account has been placed on the inactive list, please contact Swapen Support";
    else
    {
        session_start();
        $_SESSION['user_id_sess']=$userId;
        $_SESSION['user_type_sess']=$userType;
        $_SESSION['user_name']=$_POST['username'];
        $_SESSION['user_status']=$userStatus;
        $_SESSION['user_email']=$userEmail;
    
        if($_POST['remember'])
        {
            setcookie("swapen_id", $userId, time()+3600*24);
            setcookie("swapen_name", $_POST['username'], time()+3600*24);
            setcookie("swapen_type", $userType, time()+3600*24);
            setcookie("swapen_user_status", $userStatus, time()+3600*24);
            setcookie("swapen_user_email", $userEmail, time()+3600*24);
        }
        if($_SESSION['user_id_sess']!="" && $_SESSION['user_name']!="" && $_SESSION['user_type_sess']!="") {
                                                        
            if($_GET['url']!="") {
                echo "<script type='text/javascript'> window.location='index.php?".$_GET['url']."'; </script>";
                $err =  $_GET['url'];
            }
            else {
                echo "<script type='text/javascript'> window.location='index.php'; </script>";
                $err = '';
            }
        }						
    }
}
else {
    $err='Invalid user name and password.';
}
echo $err;
?>